Kernel Development Learning Pipeline

Home Courses Articles Slides FAQ

Lecture 5 - 26 September 2023

Topics covered:

Questions on P0
kernelspace vs userspace

Questions on P0

To clarify, you are to submit the following email patch files:
- Email patch file 0 is your cover letter
- Patch 1 adds your Makefile, creating p0/firstname_lastname/Makefile
- Each subsequent patch N implement step N-2 listed on P0. E.g, patch 5 implements step 3

Kernelspace vs userspace

Fundamental difference: CPU privilege level at a given time

On a Linux system, when the CPU is executing code in a fully privileged mode, we say that the CPU is executing the code in kernelspace
On a Linux system, When the CPU is executing code at a restricted privilege level, we say that the CPU is executing the code in userspace

What does CPU privilege enable?

Set behavior on trap
Set behavior on interrupt
- A quick explanation of both
Set virtual-physical address mappings, i.e. configure page tables
Execute privileged instructions
- See this table as an x86 instruction reference
- We discussed RDMSR as an example
- Unpriveleged execution of this instruction raises the #GP(0) CPU exception.
- This is a General Protection Exception
- There are three types of CPU exceptions: faults, traps, and aborts.
- The website linked in the previous bulled, wiki.osdev.org, has a huge about of information on this subject for the interested reader
We experimented bit of assembly code to test out the exception handling codepaths of the Linux kernel.

Userspace Demo

Here’s a short AT&T-style x86 assembly file we can use to generate a binary that will attempt to execute a privileged instruction:

global _start		; declare the _start symbol to have exernal linkage for visibility of linker
_start:				; the true entry point for an x86 executable program
	rdmsr			; execute the RDMSR instruction

Build the object file rdmsr.o from rdmsr.src with:

as -o rdmsr.o rdmsr.src

Create the linked executable binary rdmsr from rdmsr.o with:

ld -o rdmsr rdmsr.o.

Invocation of this binary by ./rdmsr should trigger a protection fault.

More information on the #UD Invalid Opcode exception.

Kernelspace Demo

With a small kernel module, we can get Linux to run the same instruction in kernelspace:

#include <linux/module.h>
#include <linux/init.h>
MODULE_LICENSE("GPL");
static int priv_demo_init(void) {
                /* arbitrary poison values */
                int result_lower_32 = -0xAF, result_upper_32 = -0xBF;
                pr_info("EDX:EAX := MSR[ECX];");
                asm ( "rdmsr"
                : "=r" (result_upper_32), "=r" (result_lower_32) : : );
                pr_info("rdmsr: EDX=0x%x, EAX=0x%x\n",
                                result_lower_32, result_upper_32);
                return 0;
}
static void priv_demo_exit(void) {
                pr_info("rdmsr exiting");
}
module_init(priv_demo_init);
module_exit(priv_demo_exit)

We can build this with the same Makefile as shown here on the E2 page.

Fully Automated demo

We created fully automated demo of privileged and unprivileged instruction execution. To acquire and run this demo, enter your VM and run git clone https://kdlp.underground.software/cgit/priv_rdmsr_demo/ and run make inside the directory.

Before next class

Watch this video about strace and syscalls
Read through the E1 assignment page and check out this completed demo

Important Reminders

P0 requirement	Deadline Time	Deadline Date
initial submission	11:59PM	Tuesday 26 September 2023
peer review	11:59PM	Wednesday 27 September 2023
final submission	11:59PM	Thursday 28 September 2023

ALL P0 SUBMISSIONS GO TO: programming0@kdlp.underground.software